Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

BoringSSL: Comment out SSL_set1_sigalgs_list() call

It looks like BoringSSL claims to have OPENSSL_VERSION_NUMBER for a
1.1.0 version, but it does not provide SSL_set1_sigalgs_list(). For now,
comment out this regardless of the version BoringSSL claims to be.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen 7 years ago
parent
3cfbd3b0f6
commit
b9dc63c261
1 changed files with 2 additions and 0 deletions
Split View Show Diff Stats
  1. 2 0
      src/crypto/tls_openssl.c

+ 2 - 0
src/crypto/tls_openssl.c
View File 

@@ -2499,12 +2499,14 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags)
 
 		EC_KEY_free(ecdh);
 
 	}
 
 	if (flags & (TLS_CONN_SUITEB | TLS_CONN_SUITEB_NO_ECDH)) {
 
+#ifndef OPENSSL_IS_BORINGSSL
 
 		/* ECDSA+SHA384 if need to add EC support here */
 
 		if (SSL_set1_sigalgs_list(ssl, "RSA+SHA384") != 1) {
 
 			wpa_printf(MSG_INFO,
 
 				   "OpenSSL: Failed to set Suite B sigalgs");
 
 			return -1;
 
 		}
 
+#endif /* OPENSSL_IS_BORINGSSL */
 
 
 		SSL_set_options(ssl, SSL_OP_NO_TLSv1);
 
 		SSL_set_options(ssl, SSL_OP_NO_TLSv1_1);